NEW Clean up secureassets module artefacts (#8948)

See https://github.com/silverstripe/silverstripe-assets/issues/231

docs/en/02_Developer_Guides/14_Files/05_File_Migration.md

@@ -27,10 +27,12 @@ This task will perform a number of subtasks:
  - `move-thumbnails`: Move existing thumbnails, rather than have them generated on the fly.
    This task is optional, but helps to avoid growing your asset folder (no duplicate thumbnails)
  - `generate-cms-thumbnails`: The new CMS UI needs different thumbnail sizes, which can be pregenerated.
-   This can be a CPU and memory intensive task for large asset stores.
-   See [Migrating substantial number of files](#performance)
+    This can be a CPU and memory intensive task for large asset stores.
+    See [Migrating substantial number of files](#performance)
+ - `fix-secureassets`: Migrates files secured through the [silverstripe/secureassets](https://github.com/silverstripe/silverstripe-secureassets) module.
+    Ensures that previous `.htaccess` folder protections don't interfere with 4.x-style asset protections.
  - `fix-folder-permissions`: Fixes folder permissions which might have been broken by
-   previously using the [silverstripe/secureassets](https://github.com/silverstripe/silverstripe-secureassets)
+    previously using the [silverstripe/secureassets](https://github.com/silverstripe/silverstripe-secureassets)
 
 One or more subtasks can be run individually through the `only` argument.
 Example: `only=move-files,move-thumbnails`

docs/en/04_Changelogs/4.4.0.md

@@ -102,6 +102,27 @@ introduced in this release, requests to these legacy thumbnails will automatical
 their new locations. Review the [Github issue](https://github.com/silverstripe/silverstripe-assets/issues/235)
 for more details. 
 
+### Optional migration tasks: Remove artefacts from "secureassets" module {#secureassets}
+
+The [silverstripe/secureassets](https://github.com/silverstripe/silverstripe-secureassets)
+module allowed opt-in file security on SilverStripe 3.x sites.
+It is included by default in the Common Web Platform (CWP) 1.x recipe as well.
+The module uses the same metadata as the asset abstraction built-in to SilverStripe 4.x
+(`File.CanViewType`), so no migration is required for existing data.
+
+The module worked by placing `.htaccess` files in the specific folders it protected.
+The 4.x asset abstraction places files in a separate `assets/.protected` store instead.
+Those leftover `.htaccess` files can cause issues with accessing public files.
+In order to remove them, run the following task.
+
+```
+vendor/bin/sake dev/tasks/MigrateFileTask only=fix-secureassets
+```
+
+The task will auto-detect if you have any custom `.htaccess` files in folders, and retain those.
+Note that you'll need to run your own migration scripts if you've used the module
+with IIS and `web.config` files instead. 
+
 ### Hash-less Public Asset URLs FAQ {#hashless-faq}
 
 #### How are files named and renamed?

src/Dev/Tasks/MigrateFileTask.php

@@ -13,6 +13,7 @@ use SilverStripe\Control\Director;
 use SilverStripe\Core\Injector\Injector;
 use SilverStripe\Logging\PreformattedEchoHandler;
 use SilverStripe\Dev\BuildTask;
+use SilverStripe\Assets\Dev\Tasks\SecureAssetsMigrationHelper;
 
 /**
  * Migrates all 3.x file dataobjects to use the new DBFile field.
@@ -27,7 +28,8 @@ class MigrateFileTask extends BuildTask
         'move-files',
         'move-thumbnails',
         'generate-cms-thumbnails',
-        'fix-folder-permissions'
+        'fix-folder-permissions',
+        'fix-secureassets',
     ];
 
     private static $dependencies = [
@@ -110,6 +112,19 @@ class MigrateFileTask extends BuildTask
                 $this->logger->info("No folders required fixes");
             }
         }
+
+        if (in_array('fix-secureassets', $subtasks)) {
+            if (!class_exists(SecureAssetsMigrationHelper::class)) {
+                $this->logger->error("SecureAssetsMigrationHelper not found");
+                return;
+            }
+
+            $this->logger->info('### Fixing secure-assets (fix-secureassets)');
+
+            $moved = SecureAssetsMigrationHelper::singleton()
+                ->setLogger($this->logger)
+                ->run($this->getStore());
+        }
     }
 
     public function getDescription()